A hosted service system is a client-server architecture where certain tools, services or applications are hosted at the server side, and one or more client systems (also called tenant systems) are coupled to the server, also called a host, over a network. The server could be, for example, a virtual server or a real server. The tenant system or the client system may have multiple clients. The clients may use some or all of the services provided by the host server, on an as-needed basis. One of the advantages of this architecture is that the client(s) do(es) not have to buy and/or maintain the infrastructure to support the tools or applications. The other advantage is that the clients can use only relevant parts/services of the applications on an as need basis.
In hosted service systems, security of the tenant system data continues to be an issue and to some degree, an inhibitor for adoption. The “Software as a Service” (SaaS) model, or Cloud computing model, can be viewed as an example of a hosted system services. Even though there are cost advantages to this model, as the industry enters a new of wave of awareness and adoption, it is typical for the consumers/clients of the hosted applications still to be wary and unsure if their data will be secure with the vendor/host of the service.
Many of the SaaS vendors have managed to mitigate security threats from external sources, and making sure that tenants' have limited access to their own data and that no other tenant system or user can access data they are not supposed to view. However, security issues persist, in that the tenant system data, including possibly sensitive data, is still vulnerable from internal security threats posed by internal systems of the host, for example, administrators of the databases and/or applications at the host.
Typically, the vendor/host assures a client at the tenant system that all the data is stored as encrypted data in the host database. As is well known, various encryption methodologies exist to encrypt the data stored in the host database. The public key infrastructure (PKI) and the Data Encryption Standard (DES) are known examples of encryption methodologies. The vendor/host may also secure the data while the data is sent across on the network. The data is encrypted using transport layer protocols, such as, for example, the Secure Socket Layer (SSL) protocol. Transport Layer Security (TLS) is another cryptographic protocol well studied in the prior art that facilitates providing security and data integrity for communications over TCP/IP networks such as the Internet. TLS and SSL encrypt the segments of network connections at the transport layer end-to-end. Several versions of the protocols are in wide-spread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and Voice-over-IP (VoIP).
However, an issue that continues to remain unsolved is that the application or software that processes tenant system data at the vendor/host system continues to have access to unencrypted sensitive data of the tenant system, leading to security concerns. Existing methodologies, however, appear to only partially resolve the security issue as the encryption logic still resides with the host/vendor.
Some other prior art approaches use symmetric and asymmetric keys for the hosted systems. However, those solutions do not appear to not solve the host security issue.